story-short-scan
Audited by Socket on May 22, 2026
2 alerts found:
Anomalyx2This module is an authenticated automation script that logs in via an existing Chrome session by harvesting a sensitive Admin-Token cookie using CDP-evaluated JavaScript, then uses that token to call privileged management API endpoints and writes scraped results to a local Markdown file. No explicit malware/persistence/destructive actions are evident in this fragment; however, the credential-extraction pattern and dynamic code execution (evalJSON with string-built browser-side code) materially increase supply-chain security risk and would be unacceptable in many threat models. Risk severity is driven by token theft/misuse characteristics, not by overt exploitation or system compromise behavior in the shown code.
The skill is mostly aligned with its stated market-scan purpose, but it reaches into a logged-in Chrome session to extract auth tokens and query a backend management API. That makes it higher-trust than a normal content-analysis skill; overall this looks suspicious/moderate-risk rather than clearly malicious because data appears to flow to official platform endpoints, not third-party collectors.